© MAR 2018 | IRE Journals | Volume 1 Issue 9 | ISSN: 2456-8880

Two-Factor Data Security Protection

Mechanism for Cloud Storage System
CHILAKA HARI KRISHNA1, DEVARAPALLI BHANUDHAR2, BURAGA RAKESH3
1,2,3
Department of Computer Science & Engineering, Vasireddy Venkatadri Institute of Technology
(VVIT), Guntur, Andhra Pradesh, India-522508

Abstract -- Here, we propose a two-factor data security it is stored the higher risk it contains for unauthorized
protection mechanism with factor revocability for cloud physical access to the data. By sharing storage and
storage system. Our system allows a sender to send an networks with many other users it is also possible for
encrypted message to a receiver through a cloud storage
other unauthorized users to access your data. This may
server. The sender only needs to know the identity of the
be due to mistaken actions, faulty equipment, or
receiver but no other information (such as its public key or
its certificate). The receiver needs to possess two things in
sometimes because of criminal intent. A promising
order to decrypt the cipher text. The first thing is his/her solution to offset the risk is to deploy encryption
secret key stored in the computer. The second thing is a technology. Encryption can pro-tect data as it is being
unique personal security device which connects to the transmitted to and from the cloud service. It can further
computer. It is impossible to decrypt the cipher text without protect data that is stored at the ser-vice provider. Even
either piece. More importantly, once the security device is there is an unauthorized adversary who has gained
stolen or lost, this device is revoked. It cannot be used to access to the cloud, as the data has been encrypted, the
decrypt any cipher text. This can be done by the cloud
adversary cannot get any information about the
server which will immediately execute some algorithms to
plaintext. Asymmetric encryption allows the encrypt
change the existing cipher text to be un-decrypt able by this
device. This process is completely transparent to the sender.
or to use only the public information (e.g., public key
Furthermore, the cloud server cannot decrypt any cipher or identity of the receiver) to generate a cipher text
text at any time. The security and efficiency analysis show while the receiver uses his/her own secret key to
that our system is not only secure but also practical. decrypt. This is the most convenient mode of
encryption for data transition, due to the elimination of
I. INTRODUCTION key management existed in symmetric encryption. In
a normal asymmetric encryption, there is a single
secret key corresponding to a public key or an identity.
CLOUD storage [10] is a model of net-worked storage
The decryption of cipher text only requires this key.
system where data is stored in pools of storage which
The key is usually stored inside either a personal
are generally hosted by third parties. There are many
computer or a trusted server, and may be protected by
benefits to use cloud storage. The most notable is data
a password. The security protection is sufficient if the
accessibility. Data stored in the cloud can be accessed
computer/server is isolated from an opening network.
at any time from any place as long as there is network
Unfortunately, this is not what happens in the real life.
access. Storage maintenance tasks, such as purchasing
While being associated with the world through the
additional storage capacity, can be offloaded to the
Internet, the PC/server may experience the ill effects
responsibil-ity of a service provider. Another
of a potential hazard that programmers may barge in
advantage of cloud storage is data sharing between
into it to trade off the mystery key without letting the
users. If Alice wants to share a piece of data (e.g., a
key proprietor know. In the physical security
video) to Bob, it may be difficult for her to send it by
viewpoint, the PC putting away a client decoding key
email due to the size of data. Instead, Alice uploads the
might be utilized by another client when the first PC
file to a cloud storage system so that Bob can
client (i.e. the key proprietor) is away (e.g., when the
download it at any time.
client goes to latrine for some time without locking the
Despite its advantages, outsourcing data storage also machine). In an endeavor or school, the sharing use of
increases the attack surface area at the same time. For PCs is likewise normal. For instance, in a school, an
example, when data is distributed, the more locations open PC in a copier room will be imparted to all

IRE 1700356 ICONIC RESEARCH AND ENGINEERING JOURNALS 157

 © MAR 2018 | IRE Journals | Volume 1 Issue 9 | ISSN: 2456-8880

understudies remaining at a similar floor. In these user needs to have his/her secret key which is stored in
cases, the mystery key can be bargained by a few the computer. Second, the user needs to have a unique
aggressors who can get to the casualty's close to home personal security device which will be used to connect
information put away in the cloud framework. In this to the computer (e.g., USB, Bluetooth and NFC). It is
way, there exists a need to improve the security impossible to decrypt the cipher text without either
assurance. piece.

A similarity is e-keeping money security. Numerous 3) More importantly, our system, for the first time,
e-managing an account applications require a client to provides security device (one of the factors)
utilize both a secret key and a security gadget (two revocability. Once the security device is stolen or
variables) to login framework for cash exchange. The reported as lost, this device is revoked. That is, using
security gadget may show a one-time watchword to this device can no longer decrypt any cipher text
give the client a chance to type it into the framework, (corresponding to the user) in any circumstance. The
or it might be expected to associate with the PC (e.g., cloud will immediately execute some algorithms to
through USB or NFC). The motivation behind change the existing cipher text to begun-decryptableby
utilizing two elements is to improve the security this device. This process is completely transparent to
assurance for the entrance control. the sender.

They will become more sensitive and important, as if

4) The cloud server cannot decrypt any cipher text at
the e-banking analogy. Actually, we have noticed that
any time.
the concept of two-factor encryption, which is one of
We provide an estimation of the running time of our
the encryption trends for data protection,1 has been
prototype to show its practicality, using some
spread into some real-world applications, for example,
benchmark results. We also note that although there
full disk encryption with Ubuntu system, AT&T two
exist some naive approaches that seem to achieve our
factor encryption for Smart-phones,2 electronic
goal, we have discussed in Section 1.1 that there are
vaulting and druva—cloud-based data encryption.3
many limitations by each of them and thus we believe
However, these applications suffer from a potential
our mechanism is the first to achieve all the above
risk about factor revocability that may limit their
mentioned features in the literature
practicability. Note we will explain it later. A flexible
and scalable two-factor encryption mechanism is
III. CONSTRUCTION
really desirable in the era of cloud computing. That
motivates our work. We have two diverse encryption innovations: one is
IBE and the other is conventional Open Key
II. RESEARCH ELABORATIONS Encryption (PKE). At first we enable a client to
produce at first level figure message under a collector's
In this paper, we propose a novel two-factor security personality. The fisrt level figure content will be
protection mechanism for data stored in the cloud. Our additionally changed into a moment level figure
mechanism provides the following nice features: content comparing to a security gadget. The
1) Our system is an IBE (Identity-based encryption) subsequent figure content can be unscrambled by a
based mechanism. That is, the sender only needs to legitimate collector with mystery key and security
know the identity of the receiver in order to send an gadget. Here, one may question that our development
encrypted data (cipher text) to him/her. No other is an insignificant and clear blend of two distinct
information of the receiver (e.g., public key, certificate encryptions. Shockingly, this isn't valid because of the
etc.) is required. Then the sender sends the cipher text way that we have to additionally bolster security
to the cloud where the receiver can download it at any gadget revocability. A unimportant mix of IBE and
time. PKE can't accomplish our objective. To help
revocability, we utilize re-encryption innovation with
2) Our system provides two-factor data encryption the end goal that the piece of figure content for an old
protection. In order to decrypt the data stored in the security gadget can be refreshed for another gadget if
cloud, the user needs to possess two things. First, the

IRE 1700356 ICONIC RESEARCH AND ENGINEERING JOURNALS 158

 © MAR 2018 | IRE Journals | Volume 1 Issue 9 | ISSN: 2456-8880

the old gadget is denied. Then, we have to produce an

extraordinary key for the above figure content
transformation. By getting to the exceptional key, the
old figure content and the refreshed figure message,
the cloud server can't accomplish any learning of
message. We additionally utilize hash-signature
technique to "sign" figure content with the end goal
that once a segment of figure content is tempered by
enemy, the cloud and cipher text collector can tell.
From the above introductions, we can see that our two-
factor assurance framework with security gadget
revocability can't be acquired by inconsequentially
joining an IBE with a PKE. We present the system Fig 1: Update cipher text after issuing a new security
description as follows. device.
1) Setup phase: the setup phase generates all public
parameters and master secret key used throughout the
execution of system.
2). The SDI finally delivers the security device to a
user ID.
3) First-level cipher text generation phase: a data
sender encrypts a data under the identity of a data
receiver, and further sends the encrypted data to the
cloud server. Fig 2: Ordinary data sharing.
4) Second-level cipher text phase: after receiving the
first level cipher text of a data from the data sender, the
IV. SYSTEM EVALUATION
cloud server generates the second-level cipher text
4.1 Security Analysis
5) Device updated phase: Once a device of a user needs
to be updated due to some incidences (e.g., it is either We separate two security levels for our scheme: one is
lost or stolen), the user first reports the issue to the SDI. allowing an adversary to achieve the secret key of user
The SDI then issues a new device for the user. but not the corresponding secure device, and the other
is the reversed case. For Type-I Security. Here we
6) Cipher text updated phase: The SDI notifies the
allow an adversary to obtain the secret key of a user
cloud server to update the cipher text of the user by
but not the corresponding security device. We analyze
sending a special piece of information.
the security of our scheme under the model of Type-I.
7) Data recovery phase. A data receiver uses a Practical analysis: An adversary A now is given the
decryption key and a device to recover the data as secret key skIDi of user IDi. We show thatAcannot
follows. recover the underlying message by only leveraging
knowledge of skIDi as follows.
Table 1 Computer Comparison

IRE 1700356 ICONIC RESEARCH AND ENGINEERING JOURNALS 159

 © MAR 2018 | IRE Journals | Volume 1 Issue 9 | ISSN: 2456-8880

4.2 Efficiency Analysis

We analyze the efficiency of our mechanism as well as
its comparison with [2] (the most efficient two-secret
protection system but no revocability) and [20] (the
most efficient single secret system with revocability)
in terms of computational and communicational cost.
We present the theoretical comparison in Tables 2 and
3 for computation and communication complexity,
respectively. From Table 2, it can be seen that our
system requires additional computation cost in
security device generation and update, whereas others
do not need any cost. This is because ours supports
security device revocability. In cipher text generation,
our system does not require any pairings operation,
and it is worth of mentioning that the second level
cipher text generation cost can be offloaded to a cloud TABLE 4 Computation Comparison (Running Time
server. Compared to [20] for other metrics, our system in Second) II
only requires slight extra cost; while we just need an
additional pairing in cipher text update. A similar From Table 4, we see that our running time is nearly
phenomenon does exist in Table 3 in the sense that our the same as that of [20], and meanwhile, our system
system needs extra communication cost in delivery of outperforms [20] and [2] in encryption. In the
security device. Except for this, our communication communication cost, our scheme suffers from the
complexity is much closer to that of others. largest price in “Updated Cipher text Size” due to a
reason that the scheme outputs a pairing in the update
phase. However, we state that the price is only an
V. CONCLUSION
approximately 50 percent increase from that of [20] in
In this paper, we presented a novel two-factor the same metric, which is an acceptable increment.
information security assurance instrument for
distributed storage framework, in which an
information sender is permitted to encode the
information with learning of the personality of a REFERENCES
collector just, while the beneficiary is required to
utilize the two his/her mystery key and a security [1] A. Akavia, S. Goldwasser, and V.
gadget to access the information. Our answer upgrades Vaikuntanathan, “Simultaneous hardcore bits
and cryptography against memory attacks,”
the privacy of the information, as well as offers the
in Proc. 6th Theory Cryptography Conf.,
revocability of the gadget so once the gadget is 2009, pp. 474–495.
repudiated, the relating figure content will be [2] S. S. Al-Riyami and K. G. Paterson,
refreshed consequently by the cloud server with no “Certificateless public key cryptography,” in
notice of the information proprietor. Besides, we Proc. 9th Int. Conf. Theory Appl. Cryptol.,
displayed the security confirmation and productivity 2003, pp. 452–473.
[3] M. H. Au, J. K. Liu, W. Susilo, and T. H.
examination for our framework.
Yuen, “Certificate based (linkable) ring
signature,” in Proc. Inf. Security Practice
Experience Conf., 2007, pp. 79–92.
[4] M. H. Au, Y. Mu, J. Chen, D. S. Wong, J. K.
Liu, and G. Yang, “Malicious KGC attacks in
certificateless cryptography,” in Proc. 2nd
ACM Symp. Inf., Comput. Commun.
Security, 2007, pp. 302–311.

IRE 1700356 ICONIC RESEARCH AND ENGINEERING JOURNALS 160

 © MAR 2018 | IRE Journals | Volume 1 Issue 9 | ISSN: 2456-8880

[5] M. Blaze, G. Bleumer, and M. Strauss, Proc. Int. Conf. Theory Appl. Cryptographic
“Divertible protocols and atomic proxy Techn., 2003, pp. 130–144.
cryptography,” in Proc. Int. Conf. Theory [18] L. Ferretti, M. Colajanni, and M. Marchetti,
Appl. Cryp-tographic Techn., 1998, pp. 127– “Distributed, concurrent, and independent
144. access to encrypted cloud databases,” IEEE
[6] A. Boldyreva, V. Goyal, and V. Kumar, Trans. Parallel Distrib. Syst., vol. 25, no. 2,
“Identity-based encryp-tion with efficient pp. 437–446, Feb. 2014.
revocation,” in Proc. ACM Conf. Comput. [19] C. Gentry, “Certificate-based encryption and
Com-mun. Security, 2008, pp. 417–426. the certificate revocation problem,” in Proc.
[7] D. Boneh, X. Ding, and G. Tsudik, “Fine- Int. Conf. Theory Appl. Cryptographic
grained control of secu-rity capabilities,” Techn., 2003, pp. 272–293.
ACM Trans. Internet Techn., vol. 4, no. 1, pp. [20] M. Green and G. Ateniese, “Identity-based
60– 82, 2004. proxy re-encryption,” in Proc. 5th Int. Conf.
[8] D. Boneh and M. Franklin, “Identity-based Appl. Cryptography Netw. Security, 2007,
encryption from the Weil pairing,” in Proc. pp. 288–306.
21st Annu. Int. Cryptol. Conf., 2001, pp.
213– 229.
[9] R. Canetti and S. Hohenberger, “Chosen-
ciphertext secure proxy re-encryption,” in
Proc. ACM Conf. Comput. Commun.
Security, 2007, pp. 185–194.

[10] H. C. H. Chen, Y. Hu, P. P. C. Lee, and Y.

Tang, “NCCloud: A net-work-coding-based
storage system in a cloud-of-clouds,” IEEE
Trans. Comput., vol. 63, no. 1, pp. 31–44,
Jan. 2014.
[11] S. S. M. Chow, C. Boyd, and J. M. G. Nieto,
“Security-mediated certificateless
cryptography,” in Proc. 9th Int. Conf. Theory
Practice Public-Key Cryptography, 2006, pp.
508–524.
[12] C.-K. Chu, S. S. M. Chow, W.-G. Tzeng, J.
Zhou, and R. H. Deng, “Key-aggregate
cryptosystem for scalable data sharing in
cloud storage,” IEEE Trans. Parallel Distrib.
Syst., vol. 25, no. 2, pp. 468– 477, Feb. 2014.
[13] C.-K. Chu and W.-G. Tzeng, “Identity-based
proxy re-encryption without random oracles,”
in Proc. 10th Int. Con. Inf. Security, 2007, pp.
189–202.
[14] R. Cramer and V. Shoup, “Design and
analysis of practical publickey encryption
schemes secure against adaptive chosen
ciphertext attack,” SIAM J. Comput., vol. 33,
no. 1, pp. 167–226, Jan. 2004.
[15] Y. Dodis, Y. T. Kalai, and S. Lovett, “On
cryptography with auxiliary input,” in Proc.
41st Annu. ACM Symp. Theory Comput.,
2009, pp. 621–630.
[16] Y. Dodis, J. Katz, S. Xu, and M. Yung, “Key-
insulated public key cryptosystems,” in Proc.
Int. Conf. Theory Appl. Cryptographic
Techn., 2002, pp. 65–82.
[17] Y. Dodis, J. Katz, S. Xu, and M. Yung,
“Strong key-insulated signature schemes,” in

IRE 1700356 ICONIC RESEARCH AND ENGINEERING JOURNALS 161